From 51a7666d0d50d0ed13c556d97aded50a3e7f30de Mon Sep 17 00:00:00 2001 From: xudan Date: Mon, 12 Feb 2018 02:17:28 -0500 Subject: Add a function to check the cacert file 1. Currently it won't pass the cacert file to other containers if the OS_AUTH_URL is http not https. 2. However, even though the OS_AUTH_URL is http, it still needs cacert file somewhere for Functest and Rally. 3. This problem is found on Fuel Euphrates. 4. Add a function to check whether the cacert file exists. 5. If exists, pass it to testing project containers. JIRA: DOVETAIL-616 Change-Id: Ied7bcc72e8f1c738bbce32c18096ca13641d3cd7 Signed-off-by: xudan --- dovetail/container.py | 30 +++++++++++++----------------- dovetail/utils/dovetail_utils.py | 19 ++++++++++++++++--- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/dovetail/container.py b/dovetail/container.py index 69dd5e9a..ca37d810 100644 --- a/dovetail/container.py +++ b/dovetail/container.py @@ -194,24 +194,20 @@ class Container(object): cacert_volume = "" https_enabled = dt_utils.check_https_enabled(cls.logger) - cacert = os.getenv('OS_CACERT',) - if https_enabled: - cls.logger.info("https enabled...") - if cacert is not None: - if not os.path.isfile(cacert): - cls.logger.error("Env variable 'OS_CACERT' is set to {} " - "but the file does not exist." - .format(cacert)) - return None - elif not dovetail_config['config_dir'] in cacert: - cls.logger.error("Credential file has to be put in {}, " - "which can be mount into container." - .format(dovetail_config['config_dir'])) - return None + cacert = os.getenv('OS_CACERT') + insecure = os.getenv('OS_INSECURE') + if cacert is not None: + if dt_utils.check_cacert_file(cacert, cls.logger): cacert_volume = ' -v %s:%s ' % (cacert, cacert) else: - cls.logger.warn("https enabled, OS_CACERT not set, insecure " - "connection used or OS_CACERT missed") + return None + elif https_enabled: + if insecure and insecure.lower() == 'true': + cls.logger.debug("Use the insecure mode...") + else: + cls.logger.error("https enabled, please set OS_CACERT or " + "insecure mode...") + return None result_volume = ' -v %s:%s ' % (dovetail_config['result_dir'], dovetail_config[type]['result']['dir']) @@ -292,7 +288,7 @@ class Container(object): return None if cls.has_pull_latest_image[validate_type] is True: cls.logger.debug( - '{} is already the newest version.'.format(docker_image)) + '{} is already the latest one.'.format(docker_image)) return docker_image old_image_id = cls.get_image_id(docker_image) if not cls.pull_image_only(docker_image): diff --git a/dovetail/utils/dovetail_utils.py b/dovetail/utils/dovetail_utils.py index 5c335679..97186da0 100644 --- a/dovetail/utils/dovetail_utils.py +++ b/dovetail/utils/dovetail_utils.py @@ -139,9 +139,9 @@ def get_ext_net_name(env_file, logger=None): else: https_enabled = check_https_enabled(logger) insecure_option = '' - insecure = os.getenv('OS_INSECURE',) + insecure = os.getenv('OS_INSECURE') if https_enabled: - logger.info("https enabled...") + logger.debug("https enabled...") if insecure: if insecure.lower() == "true": insecure_option = ' --insecure ' @@ -311,7 +311,7 @@ def combine_files(file_path, result_file, logger=None): def get_openstack_endpoint(logger=None): https_enabled = check_https_enabled(logger) insecure_option = '' - insecure = os.getenv('OS_INSECURE',) + insecure = os.getenv('OS_INSECURE') if https_enabled: if insecure: if insecure.lower() == "true": @@ -333,3 +333,16 @@ def get_openstack_endpoint(logger=None): except Exception: logger.exception("Failed to write endpoint info into file.") return None + + +def check_cacert_file(cacert, logger=None): + if not os.path.isfile(cacert): + logger.error("OS_CACERT is {}, but the file does not exist." + .format(cacert)) + return False + if not dt_cfg.dovetail_config['config_dir'] == os.path.dirname(cacert): + logger.error("Credential file must be put under {}, " + "which can be mounted into other container." + .format(dt_cfg.dovetail_config['config_dir'])) + return False + return True -- cgit 1.2.3-korg